LooCipher
LooCipher (lucyfer) is ransomware circulating on the internet. It was found by the Petrovic group.

Behavior

It probably spreads through a spam campaign. The virus is concealed in a .docm file named Info_BSV_2019.docm. If the victim has macros enabled, the file connects to the TOR network, contacts the address hcwyo5rfapkytajg.onion.pet/3agpke31mk.exe (do not visit it), and then runs that file. It then creates the file c2056.ini, in which it stores a special ID for the computer, the time limit after which the key stops working, and the bitcoin address. After a few seconds it starts encrypting files.

The program encrypts files with the following extensions:

.sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt

The virus also creates a text file containing the following note:

Q: What happened to my files?
A: All your important files (including those on the network disks, USBs, etc.) have been encrypted using a strong algorithm with a private and unique key generated for you.

Q: Where is my key?
A: Your key is stored in our TOR servers in order to preserve the anonymity.

Q: What do I do?
A: You need to make a Bitcoin payment for the decryption. Please send €300 (~$330) worth of Bitcoin to this address: 1Ps5Vd9dKWuy9FuMDkec9qquCyTLjc2Bxe

Q: Can I recover my files by other means?
A: No. There is not such a computing power nowadays to find this key within the time of a human could live. Even if you use Tianhe-2 (MilkyWay-2), currently the fastest supercomputer in the world, it will take millions of years. Neither NO ONE ANTIVIRUS CAN BRING YOUR FILES BACK, the only thing they could do is delete the decryptor software, but it's impossible they can recover your files, and if some of them is trying to sell you that, we invite you to purchase it and try.

Q: How much time do I have?
A: You have 5 days since your files were encrypted. Specifically until 2019/06/24 14:28. After this period your key will be automatically destroyed (except for the case of having made the transaction within the period but because of the transaction remains pending of being confirmed by the blockchain this time period is excedeed. In this case the key will remain safe throughout all this "pending of being confirmed" status of your transaction and additionally it will remain 7 days more after your transaction is confirmed in order that you have enough time to recover your files)

Q: How can I trust?
A: We strongly guarantee you can recover your files. Besides, if we didn't do it nobody trust us and we wouldn't get any payment. In fact, we built the decryptor in the own encryptor software as well in order to make the decryption process as simple as possible for you, thus avoiding having to download an external decryptor.
Just make the payment, click and if your payment is approved the button will become enable to click. If somehow you closed the decryptor window and you can't run the decryptor software you can download a copy of the decryptor through this link: https://mega.nz/#!KclRVIRY!YrUgGjvldsoTuNZbCOjebAz5La7hbB41nJHk1mlgqZo (Don't worry, your files won't be re-encrypted if they already are).
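
For incident response, the note above carries a payment address, a download link and a deadline that, combined with the stated 5-day window, dates the encryption. The following is an added example, not part of the original page; the function names `triage_note` and `defang` are hypothetical, and the sample text is a trimmed excerpt of the note quoted above.

```python
import re
from datetime import datetime, timedelta

# Trimmed excerpt of the ransom note quoted on this page (sample input).
SAMPLE_NOTE = (
    "worth of Bitcoin to this address: 1Ps5Vd9dKWuy9FuMDkec9qquCyTLjc2Bxe "
    "Q: How much time do I have? A: You have 5 days since your files were "
    "encrypted. Specifically until 2019/06/24 14:28. "
    "you can download a copy of the decryptor through this link: "
    "https://mega.nz/#!KclRVIRY!YrUgGjvldsoTuNZbCOjebAz5La7hbB41nJHk1mlgqZo "
    "(Don't worry, your files won't be re-encrypted if they already are)."
)

BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")  # legacy Base58 form
DAYS_RE = re.compile(r"You have (\d+) days since your files were encrypted")
DEADLINE_RE = re.compile(r"until (\d{4}/\d{2}/\d{2} \d{2}:\d{2})")
URL_RE = re.compile(r"https?://[^\s()]+")


def defang(url):
    """Make a URL non-clickable before it goes into a ticket or report."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


def triage_note(text):
    """Extract per-victim indicators and estimate when encryption started."""
    result = {
        "btc_addresses": sorted(set(BTC_RE.findall(text))),
        "urls": [defang(u) for u in URL_RE.findall(text)],
        "deadline": None,
        "estimated_encryption_time": None,
    }
    days = DAYS_RE.search(text)
    deadline = DEADLINE_RE.search(text)
    if deadline:
        result["deadline"] = datetime.strptime(deadline.group(1), "%Y/%m/%d %H:%M")
        if days:
            # The note counts the window from the moment of encryption, so
            # deadline minus window approximates the start time.
            # Assumption: the timestamp is in the victim machine's local time.
            window = timedelta(days=int(days.group(1)))
            result["estimated_encryption_time"] = result["deadline"] - window
    return result


if __name__ == "__main__":
    for key, value in triage_note(SAMPLE_NOTE).items():
        print(f"{key}: {value}")
```

The estimated start time narrows the window to search in mail gateway and endpoint logs for the delivery of Info_BSV_2019.docm and the creation of c2056.ini.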